I would greatly appreciate it if I was notified, or better notified if I didn't read so closely, that my password would be emailed back to me in PLAINTEXT after signing up. I am very shocked that this is even considered a reasonable practice by a software organization.

After receiving your password, you can access the forums via HTTPS and change your account password. Bear in mind that most users access the forums via HTTP, which indicates that this is not as significant a problem for users as you seem to consider it to be.

It's not so much an issue, as I do use unsecure passes over http, but rather a recommendation / wondering of who thought emailing passwords in plaintext was a good idea.

Ask the authors of phpBB. Besides, it's not an appalling idea for low-risk accounts (and a forum ID certainly qualifies as such). It's simple, difficult to intercept in practice and the password is often short-lived anyway.

Also, it's worth remembering that f.g.o runs a pretty old (albeit customized, patched & maintained) release of phpBB. I'm not familiar with the package but this may well be the best it could provide, as of that version. An upgrade is a major effort that, as far as I know, has barely left the planning stages.

It's not so much an issue, as I do use unsecure passes over http, but rather a recommendation / wondering of who thought emailing passwords in plaintext was a good idea.

Text via e-mail is a simple mechanism to distribute a temporary authentication token which is associated with the user via their e-mail account. To provide any significantly improved security would essentially require users to provide a public key when joining and to encrypt any password-containing mail with that key, which itself introduces other problems.

JeliJami wrote:

Of course we visit the forums over HTTP:
- searches in Google return http:// links, not https://
- even if you choose to 'watch this topic' from an https session, email notifications still contain a link for http://, not https://

If you browse the forums using HTTPS (note that it is more resource-intensive and caches less than HTTP), install Greasemonkey, then install the following script.

Out of curiosity, have there ever been any security breaches with the forums themselves?

Not that I'm aware of, because we try to keep on top of potential threats and take action accordingly. For what it's worth, the passwords are not stored in plain text.